Description of problem: DefaultSecurityHelper.requiresLogin() will allow you to access any page over a non secure connection without authenticating first. When you are over a secure connection you are only allowed to access allowedPages. The problem with that is that css and xsl files are not on the allowedPages so if a user trys to access the login page over a secure connection guess what??? They can't get the css files to format the login page. Worse yet, if PatternStylesheetResolver trys to get xsl files over a secure connection it will either throw a java.security.cert.CertificateException or be grabbing the login page rather then the xsl file!
I changed the ccm-dispatcher to /* which was why I was having this problem